Homeland 
Security 

Daily Open Source Infrastructure Report 

2 1 October 2013 

Top Stories 

• Toyota announced a recall of 803,000 vehicles due to the potential for an electrical issue 
that could cause a short circuit and turn on airbag warning lights or disable the airbags. - 
Detroit Bureau (See item 3) 

• Police in Finland arrested a man believed to be part of an international cybercrime ring that 
has been using over 60,000 compromised servers to commit credit card fraud. - Softpedia 
(See item 4 ) 

• A federal court issued a judgment fining HSBC $2.46 billion due to a unit of the company 
that filed false and misleading statements and engaged in other practices that inflated its 
share price. - Reuters (See item 6) 

• Costco’s El Camino Real store in San Francisco added an additional 14,093 units of 
rotisserie chicken products to an ongoing recall due to potential contamination with a strain 
of Salmonella. - Meat & Poultry (See item 14 ) 
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Energy Sector 



1. October 17, Reuters; Forum of F ar go -Moorhead - (North Dakota) Tesoro detected 
anomalies on ND line before leak. Tesoro Logistics LP announced October 17 that 
they detected anomalies during an inspection of its 20-year-old North Dakota pipeline 
days prior to the rupture and spill of 20,600 barrels of Bakken oil onto farmland 
September 29. The pipeline remains shutdown while regulators continue to investigate. 
Source: http://www.inforum.com/event/article/id/415551/group/News/ 

T Return to topi 

Chemical Industry Sector 

Nothing to report 



T Return to topi 

Nuclear Reactors, Materials, and Waste Sector 

2. October 18, Baltimore Sun - (National) GAO questions disparities in nuclear plant 
oversight. A U.S. Government Accountability Office report on the U.S Nuclear 
Regulatory Commission (NRC)’s oversight of nuclear power plants found regional 
disparities in the reporting of low-level safety violations, and that the NRC’s record- 
keeping system was inadequate for use by the public and NRC inspectors. 

Source: http://www.baltimoresun.com/features/green/blog/bal-gao-hits-regional- 
disparitv-in-nuclear-plant-safety-oversight-20 1 3 1 0 1 7,0, 1 0745 84. story 

T Return to topi 

Critical Manufacturing Sector 

3. October 17, Detroit Bureau - (National) Toyota recalls 803,000 vehicles over airbag 
problem. Toyota announced a recall of 803,000 model year 2012 and 2013 Camry, 
Avalon, and Venza vehicles due to the potential for an electrical issue that could cause 
a short circuit and turn on airbag warning lights or disable the airbags. 

Source: http://editorial.autos.msn.com/tovota-recalls-803000-cars-for-airbag-defect 

T Return to topi 



Defense Industrial Base Sector 



Nothing to report 



T Return to topi 
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Financial Services Sector 



4. October 18, Softpedia - (International) Finnish police arrest man allegedly involved 
with international hacker group. Police in Finland arrested a man believed to be part 
of a cybercrime ring that has been using over 60,000 compromised servers to commit 
credit card fraud. Police found information on 3,000 non-Finish payment cards on the 
suspect’s computer and the man admitted to using the information to make purchases. 
Source: http://news.softpedia.com/news/Finnish-Police-Arrest-Man-Allegedly- 
Involved-with-International-Hacker-Group-392362.shtml 

5. October 18, WPX1 11 Pittsburgh - (Pennsylvania) Feds arrest Romanian nationals 
accused of placing skimming devices in 2 Pittsburgh post offices. Authorities in 
Pittsburgh arrested two Romanian nationals as they were allegedly retrieving skimming 
devices attached to an automated postal machine inside a post office, with a skimming 
device also reported in another post office. 

Source: http://www.wpxi.com/news/news/local/2-men-accused-using-skimming- 
devices-stamp-machine/nbQ3w/ 

6. October 17, Reuters - (National) HSBC is fined $2.46 billion in securities fraud 
case. A federal court issued a judgment October 17 fining HSBC $2.46 billion in a 
class action lawsuit filed against Household International, which was later bought by 
HSBC, due to the lender’s leadership making false and misleading statements and 
engaging in other practices that inflated the company’s share price. 

Source: http://www.nytimes.com/2013/10/18/business/hsbc-is-fined-2-46-billion-in- 
securities-fraud-case.html 

7. October 17, Dark Reading - (International) DDoS attack used ‘headless’ browsers in 
150-hour siege. Incapsula reported that an unnamed trading platform was subject to a 
distributed denial of service (DDoS) attack that employed around 180,000 IP addresses 
and lasted 150 hours. The attack used a version of the Phantom IS ‘headless browser’ 
developer tool to simulate traffic from actual users and was thus more difficult to 
mitigate. 

Source: http://www.darkreading.com/attacks-breaches/ddos-attack-used-headless- 
browsers-in- 15/240 162777 

8. October 17, North Bay Business Journal - (California) FDIC seeks $12 million from 
former Sonoma Valley Bank executives. The Federal Deposit Insurance Corporation 
filed a lawsuit against three former officers and directors of the failed Sonoma Valley 
Bank and is seeking $12 million from them for allegedly knowingly acting in violation 
of State regulations and the bank’s internal standards. 

Source: http://www.northbavbusinessioumal.com/81603/fdic-seeks-12-million-from- 
former-sonoma-valley-bank-executives/ 

9. October 1 7, U.S. Attorney ’s Office, District of Rhode Island - (Rhode Island) 

Computer technology firm CEO pleads guilty to bank fraud, money laundering. 

The CEO and vice president of General Technologies Corporation, doing business as 
CompUtopia, October 15 pleaded guilty in U.S. District Court in Providence to a bank 
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fraud and money laundering scheme that defrauded Rockland Trust Company of more 
than $5 million. 

Source: http://www.fbi.gov/boston/press-releases/2013/computer-technologv-firm-ceo- 
pleads-guilty-to-bank-fraud-monev-laundering 

For another story, see item 19 



T Return to topi 

Transportation Systems Sector 

10. October 18, Fairbanks Daily News-Miner - (Alaska) One dead in small plane crash 
at Fairbanks airport. A small plane that crashed off the south end of Fairbanks 
International Airport in Alaska killed one person and injured two others October 17. 
The National Transportation Safety Board is investigating the crash. 

Source: http://www.newsminer.com/news/local news/small-plane-crashes-at- 
fairbanks-airport/article b3d83cf4-3799- 1 1 e3-b 157-00 1 a4bcf6878 .html 

11. October 17, WX1A 11 Atlanta - (National) Delta website functional after daylong 
glitches. Delta Air Lines' Web site and Delta's mobile apps encountered unexpected 
server issues and outages for approximately 4 hours October 17. 

Source: http://www. 1 1 alive.com/news/article/3 10206/40/Delta- website-back-up-and- 
running 

12. October 17, WTVJ 6 Miami - (Florida) 32 people injured in bus crash with tow 
truck in Pompano Beach. An accident involving a Broward County Transit bus and a 
semi-truck in Pompano Beach injured 32 people October 17. 

Source: http://www.nbcmiami.com/news/local/26-Passengers-in-Bus-Crash-With-Tow- 
Truck-in-Pompano-Beach-22823877 1 .html 

13. October 17, Marquette Mining Journal - (Michigan) U.P. post office evacuated. The 
Iron Mountain post office in Michigan was evacuated and closed for several hours 
before it was determined that there was no threat after an employee found a suspicious 
briefcase in the lobby October 15. 

Source: http://www.miningiournal.net/page/content.detail/id/591570/U-P--post-office- 
evacuated.html 

For another story, see item 5 
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Food and Agriculture Sector 

14. October 17, Meat & Poultry - (California) Costco expands recall of rotisserie 
chicken. Costco’s El Camino Real store in San Francisco added an additional 14,093 
units of Kirkland Farm and Kirkland Signature Foster Farms rotisserie chicken 
products to an ongoing recall due to potential contamination with a strain of 
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Salmonella. Officials are investigating the source of the contamination. 

Source: 

http://www.meatpoultrv.com/articles/news home/Food Safety/2013/lQ/Costco expan 
ds recall of rotis.aspx?ID=%7BD3562143-3E43-441C-A2E9-B4D2F8EF37C9%7D 



I Return to topi 

Water and Wastewater Systems Sector 

15. October 17, KTLA 5 Los Angeles - (California) Broken water main floods West 
Hollywood neighborhood. The Los Angeles Department of Water and Power reported 
dozens of customers lost water services after a 12-inch main burst October 17 and sent 
100,000 gallons of water into a residential neighborhood. 

Source: http://ktla.com/2013/10/17/broken-water-main-sends-100000-gallons-into- 
weho-neighborhood/ 

16. October 16, San Angelo Live - (Texas) Thousands of gallons of water flow down city 
streets. Crews from the San Angelo Water Distribution Authority released 115,000 
gallons of water from a water tank after piping in order to perform maintenance to 
piping leading to the main tank. City officials reassured the public that there was no 
need to be concerned about the water supply. 

Source: http://sanangelolive.com/news/2013-10-16/updated-thousands-gallons-water- 
flow-down-city-streets 
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Healthcare and Public Health Sector 

17. October 17, Bakersfield Californian - (California) VA says its patient records 
weren’t compromised. After several allegations that confidential patient records were 
removed and compromised from the Bakersfield Veterans Administration Clinic, the 
clinic announced that three separate investigations over the course of several months 
determined no patient information was released or mishandled in any way. 

Source: http://www.bakersfieldcalifomian.com/health/xl96574180/VA-says-its- 
patient-records-werent-compromised 

18. October 17, Associated Press - (North Dakota) Health officials probe hepatitis C 
outbreak in ND. State and federal health officials identified 7 cases of hepatitis C and 
are investigating 28 others after the cases were linked to individuals who are former or 
current residents of ManorCare Health Services in Minot. Authorities are investigating 
how and where people were infected. 

Source: http://www.grandforksherald.com/event/article/id/275954/group/homepage/ 

19. October 17, Associated Press - (Maryland) 4 charged with stealing $750K in 
merchandise using patients’ stolen information. Prosecutors charged four women for 
using the personal information of nearly 50 patients from medical offices where two of 
the women worked to take over credit accounts from department stores and steal over 
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$750,000 in merchandise. 

Source: http://www.washingtonpost.com/local/4-charged-with-stealing-750k-in- 
merchandise-using-patients-stolen-information/2013/10/17/81f8efea-3789-lle3-89db- 
8002ba99b894 story.html 
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Government Facilities Sector 

20. October 18, Harrisburg Patriot-News - (Pennsylvania) Damaged wiring causes 
power outage that cancels classes at two East Pennsboro Township schools. 
Officials cancelled classes at East Pennsboro Area Middle School and East Pennsboro 
Elementary School October 18 after a damaged wire shorted and caused a power 
outage at the middle school. Crews worked to repair the damaged wire. 

Source: 

http://www.pennlive.com/midstate/index.ssf/2013/10/damaged wiring causes power 
ou.html 

21. October 17, Associated Press - (South Carolina) 2 SC women sentenced for Social 
Security fraud. Two South Carolina women pleaded guilty to stealing nearly $200,000 
in fraudulent Social Security payments after falsely claiming to be blind. Authorities 
sentenced them to federal prison and ordered them to repay the government. 

Source: http://www.islandpacket.com/2013/10/17/2742973/2-sc-women-sentenced-for- 
social.html 

22. October 17, Dark Reading - (National) New study: Half of federal agency security 
breaches caused by lack of user compliance. A report conducted by a private-public 
partnership determined that cyber security professionals from federal agencies often 
fail to take user experience into consideration when deploying cyber security solutions, 
resulting in end users circumventing security measures and opening their agencies up to 
data theft, data loss, and distributed denial-of-service (DDoS) attacks. 

Source: http://www.darkreading.com/govemment-vertical/new-study-half-of-federal- 
agency-securit/240 162773 

23. October 17, KCNC 4 Denver - (Colorado) Some DPS students medical records in 
hands of thief. Denver Public Schools notified 100 students’ parents after a suitcase 
containing a thumb drive with the student’s medical history was stolen from a school 
nurse’s car October 5. 

Source: http://denver.cbslocal.com/2013/10/17/some-dps-students-medical-records-in- 
hands-of-thief/ 

24. October 17, KCTV 5 Kansas City - (Missouri) Students injured in Blue Summit 
school bus crash. Two students were injured after an Independence District school bus 
crashed into a power pole October 17 in Blue Summit. 

Source: http://www.kctv5.com/story/23717752/students-iniured-in-blue-summit- 
school-bus-crash 
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25. October 17, SC Magazine - (National) College networks hit with highest incidence 
of malware infections, firm finds. Researchers from OpenDNS discovered that 
college and university networks were 300 percent more likely to contain malware than 
government organizations or business entities that faced the same cyberattacks, due to 
inadequate protection when students are off campus and connected to unsecure 
networks. 

Source: http://www.scmagazine.com//college-networks-hit-with-highest-incidence-of- 
malware-infections-fiim-finds/article/3 16776/ 
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Emergency Services Sector 

See item 28 
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Information Technology Sector 

26. October 18, Threatpost - (International) VMware patches flaws in ESX, vCenter. 
VMware issued several patches for its products, including vCenter and ESX, closing a 
number of vulnerabilities that could be used for authentication bypass or denial of 
service. 

Source: http://threatpost.com/vmware-patches-flaws-in-esx-vcenter 

27. October 18, Softpedia - (International) Video game forum NeoGAF hacked, user 
passwords reset. Video game forum NeoGAF reset its users’ passwords after an 
administrator account was briefly compromised and could have been used to steal user 
information. 

Source: http://news.softpedia.com/news/Video-Game-Forum-NeoGAF-Hacked-User- 
Passwords-Reset-392448.shtml 



For additional stories, see items 4 and 7 

Internet Alert Dashboard 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: https://www.it-isac.org 
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Communications Sector 

28. October 18, Yakima Herald - (Washington) Phone service restored after theft of 
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1,000 feet of cable. Cellular phone, Internet, and landline services were restored to 
CenturyLink customers and 9-1-1- services in several areas near Yakima October 17 
following the theft of about 1,000 feet of copper and fiber optic cable which caused the 
outage. 

Source: http://www.yakimaherald.com/news/latestlocalnews/1588352-8/phone-service- 
down-in-gleed-area-91 1-also 

29. October 17, KGWN 2 Cheyenne - (National) New telemarketing laws aim to protect 
cell phone users. New Federal Communications Commission rules will limit 
telemarketers’ ability to call and text cell phones using automatic dialing systems and 
require written consent from consumers before contacting them using automatic 
systems. 

Source: http://kwgn.com/2013/10/17/new-telemarketing-laws-aim-to-protect-cell- 
phone-users/ 
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Commercial Facilities Sector 

30. October 16, Manassas - (Virginia) 4,000 feet of copper cable stolen from Manassas 
Park business. Manassas Park Police are investigating the October 7 theft of 4,366 feet 
of copper wire from the lot of Lee Construction Company with a value of $10,133. 
Source: http://manassas.patch.com/groups/police-and-fire/p/4000-feet-of-copper-cable- 
stolen-from-manassas-park-business 
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Dams Sector 



Nothing to report 
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NTAS 
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NO ACTIVE ALERTS 
www.DHS.gov/alerts 



Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 



About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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